Export limit exceeded: 13898 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (13898 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-66093 | 2 Hupe13, Wordpress | 2 Extensions For Leaflet Map, Wordpress | 2026-04-15 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hupe13 Extensions for Leaflet Map extensions-leaflet-map allows DOM-Based XSS.This issue affects Extensions for Leaflet Map: from n/a through <= 4.8. | ||||
| CVE-2025-63044 | 3 Elementor, Wordpress, Xpro | 3 Elementor, Wordpress, Xpro Elementor Addons | 2026-04-15 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xpro Xpro Elementor Addons xpro-elementor-addons allows DOM-Based XSS.This issue affects Xpro Elementor Addons: from n/a through <= 1.4.19.1. | ||||
| CVE-2025-63037 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DFDevelopment Ronneby Theme Core ronneby-core allows DOM-Based XSS.This issue affects Ronneby Theme Core: from n/a through <= 1.5.68. | ||||
| CVE-2025-58996 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 9.1 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Helmut Wandl Advanced Settings advanced-settings allows Upload a Web Shell to a Web Server.This issue affects Advanced Settings: from n/a through <= 3.1.1. | ||||
| CVE-2025-66102 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FolioVision FV Antispam fv-antispam allows Reflected XSS.This issue affects FV Antispam: from n/a through <= 2.7. | ||||
| CVE-2025-66099 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 5.3 Medium |
| Missing Authorization vulnerability in ThemeAtelier Chat Help chat-help allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Chat Help: from n/a through <= 3.1.3. | ||||
| CVE-2025-58998 | 2 S2member, Wordpress | 2 S2member, Wordpress | 2026-04-15 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in Cristián Lávaque s2Member s2member allows Object Injection.This issue affects s2Member: from n/a through <= 250701. | ||||
| CVE-2025-58999 | 2 Loopus, Wordpress | 2 Wp Attractive Donations System, Wordpress | 2026-04-15 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in loopus WP Attractive Donations System - Easy Stripe & Paypal donations WP_AttractiveDonationsSystem allows Cross Site Request Forgery.This issue affects WP Attractive Donations System - Easy Stripe & Paypal donations: from n/a through <= 1.25. | ||||
| CVE-2025-59004 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pco_58 WC Return products wc-return-product allows Reflected XSS.This issue affects WC Return products: from n/a through <= 1.5. | ||||
| CVE-2025-59134 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 8.8 High |
| Incorrect Privilege Assignment vulnerability in Jthemes Sale! Immigration law, Visa services support, Migration Agent Consulting immiex allows Privilege Escalation.This issue affects Sale! Immigration law, Visa services support, Migration Agent Consulting: from n/a through <= 1.5.8. | ||||
| CVE-2025-66116 | 2 Userelements, Wordpress | 2 Ultimate Member Widgets For Elementor, Wordpress | 2026-04-15 | 7.5 High |
| Insertion of Sensitive Information Into Sent Data vulnerability in UserElements Ultimate Member Widgets for Elementor ultimate-member-widgets-for-elementor allows Retrieve Embedded Sensitive Data.This issue affects Ultimate Member Widgets for Elementor: from n/a through <= 2.3. | ||||
| CVE-2025-66118 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BoldGrid Sprout Clients sprout-clients allows Reflected XSS.This issue affects Sprout Clients: from n/a through <= 3.2.1. | ||||
| CVE-2025-66119 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bob Hostel hostel allows Reflected XSS.This issue affects Hostel: from n/a through <= 1.1.5.9. | ||||
| CVE-2025-63017 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in fuelthemes WerkStatt Plugin werkstatt-plugin allows PHP Local File Inclusion.This issue affects WerkStatt Plugin: from n/a through <= 1.6.6. | ||||
| CVE-2025-58592 | 2 Cozmoslabs, Wordpress | 2 Translatepress, Wordpress | 2026-04-15 | 8.1 High |
| Deserialization of Untrusted Data vulnerability in Cozmoslabs TranslatePress translatepress-multilingual allows Object Injection.This issue affects TranslatePress: from n/a through <= 2.10.2. | ||||
| CVE-2025-62997 | 2 Levelfourdevelopment, Wordpress | 2 Wp-easycart, Wordpress | 2026-04-15 | 5.3 Medium |
| Insertion of Sensitive Information Into Sent Data vulnerability in levelfourdevelopment WP EasyCart wp-easycart allows Retrieve Embedded Sensitive Data.This issue affects WP EasyCart: from n/a through <= 5.8.11. | ||||
| CVE-2025-62996 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 4.3 Medium |
| Missing Authorization vulnerability in Code Amp Custom Layouts – Post + Product grids made easy custom-layouts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Custom Layouts – Post + Product grids made easy: from n/a through <= 1.4.12. | ||||
| CVE-2025-66129 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 5.3 Medium |
| Missing Authorization vulnerability in wppochipp Pochipp pochipp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pochipp: from n/a through <= 1.18.0. | ||||
| CVE-2025-62994 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 4.3 Medium |
| Insertion of Sensitive Information Into Sent Data vulnerability in WP Messiah WP AI CoPilot ai-co-pilot-for-wp allows Retrieve Embedded Sensitive Data.This issue affects WP AI CoPilot: from n/a through <= 1.2.7. | ||||
| CVE-2025-59550 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in designervily Xcare xcare allows PHP Local File Inclusion.This issue affects Xcare: from n/a through < 6.5. | ||||